Dragon Guard runs as a standard .NET 8 ASP.NET Core Web API. All you need to get up and running locally is the .NET 8 SDK, a reachable SQL Server instance, and a few configuration values. The steps below walk you from a fresh clone to your first authenticated warehouse API call.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_BACK/llms.txt
Use this file to discover all available pages before exploring further.
Configure the API
Open
appsettings.json at the project root. At minimum you must supply a valid SQL Server connection string under ConnectionStrings:WmsDb and JWT signing parameters under the Jwt block. The file ships with development defaults — replace them before running in any shared or production environment.appsettings.json
Jwt:Key is loaded at startup and will throw an InvalidOperationException if absent — the API will refuse to start without it. See the Configuration page for a full reference of every supported key.Run the API
Build and start the API from the project directory:On first run (and after every migration is added), the API automatically applies any pending EF Core migrations against The default launch profile binds to
WmsDb before the HTTP server begins accepting requests:http://0.0.0.0:5262, making the API reachable from your browser, any local frontend, and physical handheld devices on the same Wi-Fi network. In the Development environment, Swagger UI is automatically enabled at:Log in and obtain a JWT token
All protected endpoints require a Bearer token issued by A successful response returns HTTP Copy the
POST /api/auth/login. Send your credentials as JSON:200 with the following shape:token value and the companyId of the company you want to work with — you will need both in the next step.Handheld devices use a dedicated login endpoint that accepts a device identifier alongside credentials and auto-registers the device on first contact. See Handheld Login for details.
Make an authenticated warehouse request
Every tenant-scoped endpoint requires the JWT in the The middleware resolves
Authorization header and the target tenant’s GUID as the companyId query parameter (or the X-Company-Id request header). The following example lists all items for a given company:companyId from (in order of precedence):- The
companyIdquery-string parameter - The
X-Company-Idrequest header - The
companyIdclaim embedded in the JWT
403 Forbidden or 402 Payment Required respectively — no business logic runs.Explore with Swagger UI
While running in the Development environment, the full interactive API reference is available at:Swagger is pre-configured with two security schemes:
- Bearer — paste your JWT token to authenticate all subsequent requests in the UI.
- X-Api-Key — used exclusively for ERP integration endpoints under
/api/v1/integration/*.
handheld launch profile and replace localhost with your PC’s Wi-Fi IPv4 address (the default configuration targets 192.168.100.4:5262).